If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

This threat was previously a zoo detection added on May 28, 2002. It was discovered in-the-wild on June 6, 2002.

Due to an increased rate of submissions, Symantec Security Response has upgraded the threat rating of VBS.VBSWG.AQ@mm to Category 3 as of June 6, 2002.

VBS.VBSWG.AQ@mm is a VBScript threat that is designed to send itself as ShakiraPics.jpg.vbs to users of Microsoft Outlook or IRC. This threat also overwrites .vbs and .vbe files with its own code. The email has the following characteristics:

If executed, the worm copies itself in the \windows\ directory under the filename "ShakiraPics.jpg.vbs", this file searches for all *.vbs files to overwrite with its viral code. Additionally, the file "Readme.vbs" gets added in the \Recycled\ directory. So that it gets run each time a user restart their computer the following registry key gets added: